This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to thefollowing package versions:

Ubuntu 7.04: rsync 2.6.9-3ubuntu1.2

Ubuntu 7.10: rsync 2.6.9-5ubuntu1.1

In general, a standard system upgrade is sufficient to effect thenecessary changes.

Details follow:

Sebastian Krahmer discovered that rsync could overflow when handling ACLs.An attacker could construct a malicious set of files that when processedby rsync could lead to arbitrary code execution or a crash.